A recently-exposed flaw in Apache Log4j (a java-based logging utility used by numerous applications amongst nearly all public and private sectors) is rendering many entities and corporate systems vulnerable to cyber-attacks. Attackers have already invaded vulnerable networks to steal system credentials and data. Third-parties associated with companies can also make the company’s own system and network vulnerable to attacks.
Why Does This Matter?
Because of this Log4j flaw, software has been publicly released that further exploits the vulnerability. This allows attackers to access system credentials and system data, and even allows attackers to fully access servers affected by the vulnerability. Because Log4j is used in nearly all sectors, experts suspect that these vulnerabilities will provide opportunities for cyber-attacks for years to come.
What Should My Company Do?
The most important step is to take immediate action to limit the likelihood and severity of future cyber-attacks from vulnerabilities associated with Log4j. Companies should first assess whether their systems utilize Log4j, and if so, determine whether any containment measures are available. To mitigate the possibility of a vulnerability in their systems, companies should monitor the release of patches for Log4j and applications that utilize Log4j. Companies should also assess whether their third-party vendors are also utilizing Apache Log4j and whether these vendors have access to company systems and data.